Documentation
Overview
package client
The client package contains the client-side types for interfacing with reverst tunnels. The client itself is an HTTP server implementation that dials out to a tunnel server, performs a handshake to identify and authenticate the tunnel group it registers with, and then switches roles to act as the server.
Example
package main

import (
	"context"
	"crypto/tls"
	"net/http"

	"go.flipt.io/reverst/client"
)

func main() {
	ctx := context.Background()

	server := &client.Server{
		TunnelGroup: "some-group",
		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			w.Write([]byte("Hello, World!"))
		}),
		// InsecureSkipVerify disables verification of the tunnel server's
		// certificate; use it only against a local test tunnel.
		TLSConfig: &tls.Config{InsecureSkipVerify: true},
	}

	server.DialAndServe(ctx, "some.reverst.tunnel:8443")
}
Index
Constants
This section is empty.
Variables
var (
	// DefaultTLSConfig is the default configuration used for establishing
	// TLS over QUIC.
	DefaultTLSConfig = &tls.Config{
		NextProtos: []string{protocol.Name},
	}

	// DefaultQuicConfig is the default configuration used for establishing
	// QUIC connections.
	DefaultQuicConfig = &quic.Config{
		MaxIdleTimeout:  20 * time.Second,
		KeepAlivePeriod: 10 * time.Second,
	}
)
Functions
This section is empty.
Types
type Authenticator
type Authenticator interface {
	Authenticate(context.Context, *protocol.RegisterListenerRequest) error
}
Authenticator is a type which adds authentication credentials to an outbound register listener request. It is called before the request is serialized and written to the stream.
func BasicAuthenticator
func BasicAuthenticator(username, password string) Authenticator
BasicAuthenticator returns an instance of Authenticator which configures Basic authentication on requests passed to Authenticate using the provided username and password.
func BearerAuthenticator
func BearerAuthenticator(token string) Authenticator
BearerAuthenticator returns an instance of Authenticator which configures Bearer authentication on requests passed to Authenticate using the provided token string.
type AuthenticatorFunc
type AuthenticatorFunc func(context.Context, *protocol.RegisterListenerRequest) error
AuthenticatorFunc is a function which implements the Authenticator interface.
func (AuthenticatorFunc) Authenticate
func (a AuthenticatorFunc) Authenticate(ctx context.Context, r *protocol.RegisterListenerRequest) error
Authenticate delegates to the underlying AuthenticatorFunc.
type Server
type Server struct {
	// TunnelGroup is an identifier for the group in which this server should
	// be registered on the target tunnel server.
	TunnelGroup string

	// Handler is the root http.Handler of the server instance.
	Handler http.Handler

	// Logger allows the caller to configure a custom *slog.Logger instance.
	// If not defined then Server uses the default instance returned by slog.Default.
	Logger *slog.Logger

	// TLSConfig is used to configure TLS encryption over the QUIC connection.
	// See DefaultTLSConfig for the parameters used when this is set to nil.
	TLSConfig *tls.Config

	// QuicConfig is used to configure QUIC connections.
	// See DefaultQuicConfig for the parameters used when this is set to nil.
	QuicConfig *quic.Config

	// Authenticator is the Authenticator used to authenticate outbound
	// listener registration requests.
	Authenticator Authenticator

	// OnConnectionReady is called when the server has successfully
	// registered itself with the upstream tunnel server.
	OnConnectionReady func(protocol.RegisterListenerResponse)
}
Server is an alternative HTTP server that dials a reverst tunnel server and attempts to remotely register itself as a listener. Once the connection is established and authorized as a valid listener, the server switches into serving mode and handles HTTP/3 requests over the connection. The tunnel should forward requests to this connection and any others in the same tunnel group. The group is identified via the TLSConfig.ServerName.